/*
 * pi3's Linux kernel Runtime Guard
 *
 * Component:
 *  - Intercept *call_usermodehelper* function
 *
 * Notes:
 *  - We are maintianing Red-Black tree of pid's for Exploit Detection feature.
 *    When kernel calls user-mode helper, we need to update RB tree.
 *
 * Caveats:
 *  - None
 *
 * Timeline:
 *  - Created: 12.II.2018
 *
 * Author:
 *  - Adam 'pi3' Zabrocki (http://pi3.com.pl)
 *
 */

#ifndef P_LKRG_EXPLOIT_DETECTION_CALL_USERMODEHELPER_H
#define P_LKRG_EXPLOIT_DETECTION_CALL_USERMODEHELPER_H

/* per-instance private data */
struct p_call_usermodehelper_data {
    ktime_t entry_stamp;
};

int p_call_usermodehelper_ret(struct kretprobe_instance *ri, struct pt_regs *p_regs);
int p_call_usermodehelper_entry(struct kretprobe_instance *p_ri, struct pt_regs *p_regs);
int p_install_call_usermodehelper_hook(int p_isra);
void p_uninstall_call_usermodehelper_hook(void);

#endif
